Resolve merge conflict

Change the style of cvss_printer display Add a new filter to print cvss vectors Change the table heading to Vertical Add support for CVSS vectors display Signed-off-by: ziadhany <ziadhany2016@gmail.com>
aboutcode-org · Nov 21, 2023 · 2563eb7 · 2563eb7
1 parent f1fad9f
commit 2563eb7
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 1 deletion.
diff --git a/vulnerabilities/severity_systems.py b/vulnerabilities/severity_systems.py
@@ -37,6 +37,10 @@ def compute(self, scoring_elements: str) -> str:
         """
         return NotImplementedError
 
+    def get(self, scoring_elements: str):
+        """ """
+        return None
+
 
 @dataclasses.dataclass(order=True)
 class Cvssv2ScoringSystem(ScoringSystem):
@@ -49,6 +53,9 @@ def compute(self, scoring_elements: str) -> str:
         """
         return str(CVSS2(vector=scoring_elements).base_score)
 
+    def get(self, scoring_elements: str) -> dict:
+        return CVSS2(vector=scoring_elements).as_json()
+
 
 CVSSV2 = Cvssv2ScoringSystem(
     identifier="cvssv2",
@@ -71,6 +78,9 @@ def compute(self, scoring_elements: str) -> str:
         """
         return str(CVSS3(vector=scoring_elements).base_score)
 
+    def get(self, scoring_elements: str) -> dict:
+        return CVSS3(vector=scoring_elements).as_json()
+
 
 CVSSV3 = Cvssv3ScoringSystem(
     identifier="cvssv3",

diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
@@ -1,4 +1,5 @@
 {% extends "base.html" %}
+{% load show_cvss %}
 {% load humanize %}
 {% load widget_tweaks %}
 {% load static %}
@@ -52,6 +53,13 @@
                             </span>
                         </a>
                     </li>
+                    <li data-tab="severities-vectors">
+                        <a>
+                            <span>
+                                Severities vectors ({{ severity_vectors|length }})
+                            </span>
+                        </a>
+                    </li>
                 </ul>
             </div>
             <div id="tab-content">
@@ -297,6 +305,63 @@
                     </table>
                 </div>
 
+                <div class="tab-div content" data-content="severities-vectors">
+                    {% for severity_vector in severity_vectors %}
+                        {% if severity_vector.version == '2.0'  %}
+                            Vector: {{ severity_vector.vectorString }}
+                            <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+                          <tr>
+                            <th>Exploitability (E)</th>
+                            <th>Access Vector (AV)</th>
+                            <th>Access Complexity (AC)</th>
+                            <th>Authentication (Au)</th>
+                            <th>Confidentiality Impact (C)</th>
+                            <th>Integrity Impact (I)</th>
+                            <th>Availability Impact (A)</th>
+                          </tr>
+                          <tr>
+                            <td>{{ severity_vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }}</td>
+                            <td>{{ severity_vector.accessVector|cvss_printer:"local,adjacent_network,network" }}</td>
+                            <td>{{ severity_vector.accessComplexity|cvss_printer:"high,medium,low" }}</td>
+                            <td>{{ severity_vector.authentication|cvss_printer:"multiple,single,none" }}</td>
+                            <td>{{ severity_vector.confidentialityImpact|cvss_printer:"none,partial,complete" }}</td>
+                            <td>{{ severity_vector.integrityImpact|cvss_printer:"none,partial,complete" }}</td>
+                            <td>{{ severity_vector.availabilityImpact|cvss_printer:"none,partial,complete" }}</td>
+                          </tr>
+                        </table>
+                        {% elif severity_vector.version == '3.1' or severity_vector.version == '3.0'%}
+                            Vector: {{ severity_vector.vectorString }}
+                            <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+                              <tr>
+                                <th>Attack Vector (AV)</th>
+                                <th>Attack Complexity (AC)</th>
+                                <th>Privileges Required (PR)</th>
+                                <th>User Interaction (UI)</th>
+                                <th>Scope (S)</th>
+                                <th>Confidentiality Impact (C)</th>
+                                <th>Integrity Impact (I)</th>
+                                <th>Availability Impact (A)</th>
+                              </tr>
+                              <tr>
+                                <td>{{ severity_vector.attackVector|cvss_printer:"network,adjacent_network,local,physical"}}</td>
+                                <td>{{ severity_vector.attackComplexity|cvss_printer:"low,high" }}</td>
+                                <td>{{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
+                                <td>{{ severity_vector.userInteraction|cvss_printer:"none,required"}}</td>
+                                <td>{{ severity_vector.scope|cvss_printer:"unchanged,changed" }}</td>
+                                <td>{{ severity_vector.confidentialityImpact|cvss_printer:"high,low,none" }}</td>
+                                <td>{{ severity_vector.integrityImpact|cvss_printer:"high,low,none" }}</td>
+                                <td>{{ severity_vector.availabilityImpact|cvss_printer:"high,low,none" }}</td>
+                              </tr>
+                            </table>
+                        {% endif %}
+                        {% empty %}
+                            <tr>
+                                <td>
+                                    There are no known CVSS vectors.
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </div>
             </div>
         </div>
     </section>

diff --git a/vulnerabilities/templatetags/__init__.py b/vulnerabilities/templatetags/__init__.py
@@ -0,0 +1,8 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
diff --git a/vulnerabilities/templatetags/show_cvss.py b/vulnerabilities/templatetags/show_cvss.py
@@ -0,0 +1,17 @@
+from django import template
+from django.utils.safestring import mark_safe
+
+register = template.Library()
+
+
+@register.filter(is_safe=True)
+def cvss_printer(selected_vector, vector_values):
+    """highlight the selected vector value and return a list of paragraphs"""
+    p_list = []
+    selected_vector = selected_vector.lower()
+    for vector_value in vector_values.split(","):
+        if selected_vector == vector_value:
+            p_list.append(f"<p class='has-text-black-bis mb-2'>{selected_vector}</p>")
+        else:
+            p_list.append(f"<p class='has-text-grey mb-2'>{vector_value}</p>")
+    return mark_safe("".join(p_list))
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
@@ -6,7 +6,6 @@
 # See https://github.com/nexB/vulnerablecode for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
-
 from django.contrib import messages
 from django.core.exceptions import ValidationError
 from django.core.mail import send_mail
@@ -24,6 +23,7 @@
 from vulnerabilities.forms import PackageSearchForm
 from vulnerabilities.forms import VulnerabilitySearchForm
 from vulnerabilities.models import VulnerabilityStatusType
+from vulnerabilities.severity_systems import SCORING_SYSTEMS
 from vulnerabilities.utils import get_severity_range
 from vulnerablecode.settings import env
 
@@ -130,6 +130,11 @@ def get_context_data(self, **kwargs):
                 "severity_score_range": get_severity_range(
                     {s.value for s in self.object.severities}
                 ),
+                "severity_vectors": [
+                    SCORING_SYSTEMS[s.scoring_system].get(s.scoring_elements)
+                    for s in self.object.severities
+                    if s.scoring_elements
+                ],
                 "references": self.object.references.all(),
                 "aliases": self.object.aliases.all(),
                 "affected_packages": self.object.affected_packages.all(),